﻿<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<IEnumerable<MvcApplication1.Services.get_dummy_userResult>>" %>

<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
	SQLInjection
</asp:Content>

<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">

    <h2>SQL Injection</h2>

    <span id="pre">What need to know</span> | 
    <span id="teach">About the Attack</span> | 
    <span id="lab">Lab</span> | 
    <span id="hint">Hints</span>

    <div id="preContent" class="initial">
        <h3>In order to learn this topic, you need to know:</h3>
        <p><a href="http://www.1keydata.com/sql/sql-syntax.html">SQL Syntax</a></p>
    </div>
    <div id="teachContent">
        <h3>About SQL Injection:</h3>
        <p>An SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website to perform operations on the database.</p>
        <p>Purpose of performing SQL injection attack:</p>
        <ul>
            <li>By-pass the authentication</li>
            <li>Delete data from the database</li>
            <li>Perform operations to make server busy</li>
            <li>etc...</li>
        </ul>
    </div>
    <div id="hintContent" class="initial" style="color:Red">
        <p>
            The SQL of the use authentication is: SELECT * FROM USER_TABLE WHERE USERNAME=@username AND PASSWORD=@password
        </p>
    </div>
    <div id="labContent" class="initial">
        <% using (Ajax.BeginForm("SQLInjectionAttack", null, new AjaxOptions { UpdateTargetId = "labResultDiv", OnComplete = "" }, new { id = "sql_injection" }))
           { %>
        <div id="labContentDiv">
            <% Html.RenderPartial("SQLInjectionControl"); %>
        </div>
        <% } %>
        <div id="labResultDiv">
        <% Html.RenderPartial("SQLInjectionResult"); %>   
        </div>
    </div>

</asp:Content>
